Spring Live

In this episode

The traditional “outside in” scanning and firewalling approach to application security has failed. After decades of attempts to improve software security, vulnerability rates are still staggering, attacks are increasing in volume and severity, development speed is increasing, and we have perennial talent shortages. It’s time we finally recognize that efforts to push security into software through software development have been ineffective. Even worse, they have slowed development and hampered innovation.

In this talk, we will show how you can use software security instrumentation to achieve software security from the “inside out”. Security testing is far faster and more accurate from inside the application. We can also inventory applications and analyze open source. Maybe most interesting is that we can use instrumentation to prevent vulnerabilities from being exploited. Unlike traditional confrontational approaches to AppSec, the instrumentation approach establishes a safe and powerful way for development and security teams to collaborate. In this talk, we’ll show how software security instrumentation works, how it is already enhancing the security of applications in thousands of organizations, and what the future holds for this powerful technology.